2 matches found
CVE-2025-10755
CVE-2025-10755 affects Selleo Mentingo 2025.08.27, with the vulnerable component in the Content-Type Handler. The issue arises from manipulation of the argument userAvatar , leading to unrestricted file uploads. The attack is described as remote and publicly exploitable; multiple sources cite a p...
CVE-2025-48480
CVE-2025-48480 affects FreeScout prior to version 1.8.180. An authorized user with the administrator role or with the privilege User::PERM_EDIT_USERS can create a user and specify the avatar path as ../.htaccess, then delete the avatar, causing deletion of the .htaccess file in the folder /storag...